Streamlining Preparation for CMMC 2.0

CMMC 2.0 featured

The Department of Defense has recently released plans for CMMC 2.0, the revised standards for compliance and security in the DoD supply chain. Many contractors working with DoD agencies were already gearing up for CMMC 1.0, and now are left wondering what is next for them and their business.

The important thing to remember is that CMMC 1.0 hasn’t gone away, and as such it’s possible to continue on your current compliance path, based on any RFP requirements and streamline your path to CMMC 2.0 compliance.

 

Read More

Can I Use a Plan of Action and, Milestones (POA&M) in CMMC?

POA&M featured

CMMC has become a strict, rigorous set of regulations for contractors working with the Defense Department. It is a clear map of maturity and capabilities; its implementation of NIST 800-171 controls; and its call for complete compliance before certification make CMMC audits challenging for many unprepared businesses. Unlike other frameworks, CMMC doesn’t allow for documents like a Plan of Action and Milestones (POA&M) to stand in for actual compliance. 

CMMC 2.0 seems to change that. Here, we will discuss a POA&M and what it means within the CMMC framework. 

Read More

Penetration Testing and CMMC Compliance

cmmc penetration testing featured

Penetration testing is an increasingly common security practice for many businesses using sophisticated IT or cloud systems. Under CMMC, penetration testing is even more important because achieving higher levels of responsibility and capabilities calls for some form of penetration testing. 

Here we’re discussing how penetration testing plays into CMMC regulations and when you can begin to expect it as a requirement. 

Read More